Information security – Access control or authentication – Stand-alone
Reexamination Certificate
2011-01-04
2011-01-04
Truong, Thanhnga B (Department: 2438)
Information security
Access control or authentication
Stand-alone
C726S027000, C713S150000, C713S165000, C713S166000
Reexamination Certificate
active
07865947
ABSTRACT:
Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts a request to create a process associated with a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values.
REFERENCES:
patent: 5257381 (1993-10-01), Cook
patent: 5283856 (1994-02-01), Gross et al.
patent: 5293629 (1994-03-01), Conely et al.
patent: 5311591 (1994-05-01), Fischer
patent: 5398196 (1995-03-01), Chambers
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5452442 (1995-09-01), Kephart
patent: 5475839 (1995-12-01), Watson et al.
patent: 5485575 (1996-01-01), Chess et al.
patent: 5684875 (1997-11-01), Ellenberger
patent: 5696822 (1997-12-01), Nachenberg
patent: 5752058 (1998-05-01), Van De Vanter
patent: 5826013 (1998-10-01), Nachenberg
patent: 5951698 (1999-09-01), Chen et al.
patent: 5956481 (1999-09-01), Walsh et al.
patent: 5960170 (1999-09-01), Chen et al.
patent: 5974141 (1999-10-01), Saito
patent: 5978917 (1999-11-01), Chi
patent: 6006035 (1999-12-01), Nabahi
patent: 6006329 (1999-12-01), Chi
patent: 6094731 (2000-07-01), Waldin et al.
patent: 6108799 (2000-08-01), Boulay et al.
patent: 6230288 (2001-05-01), Kuo et al.
patent: 6577920 (2003-06-01), Hypponen et al.
patent: 6823460 (2004-11-01), Hollander et al.
patent: 6986050 (2006-01-01), Hypponen
patent: 7020895 (2006-03-01), Albrecht
patent: 7114185 (2006-09-01), Moore et al.
patent: 7184554 (2007-02-01), Freese
patent: 7266845 (2007-09-01), Hypponen
patent: 7293177 (2007-11-01), Lahti et al.
patent: 7319751 (2008-01-01), Krinchenko
patent: 7398389 (2008-07-01), Teal et al.
patent: 7398553 (2008-07-01), Li
patent: 7480683 (2009-01-01), Thomas et al.
patent: 7487495 (2009-02-01), Usov
patent: 7516489 (2009-04-01), Lahti
patent: 7529374 (2009-05-01), Huttunen
patent: 7533131 (2009-05-01), Thomas et al.
patent: 7539828 (2009-05-01), Lomnes
patent: 7698744 (2010-04-01), Fanton et al.
patent: 2002/0070272 (2002-06-01), Gressel et al.
patent: 2002/0073330 (2002-06-01), Chandnani et al.
patent: 2002/0099952 (2002-07-01), Lambert et al.
patent: 2002/0129277 (2002-09-01), Caccavale
patent: 2002/0178374 (2002-11-01), Swimmer et al.
patent: 2003/0074574 (2003-04-01), Hursey et al.
patent: 2003/0135756 (2003-07-01), Verma
patent: 2003/0135791 (2003-07-01), Natvig
patent: 2003/0172167 (2003-09-01), Judge et al.
patent: 2003/0177394 (2003-09-01), Dozortsev
patent: 2003/0212902 (2003-11-01), Van De Made
patent: 2004/0015712 (2004-01-01), Szor
patent: 2004/0034794 (2004-02-01), Mayer et al.
patent: 2004/0044906 (2004-03-01), England et al.
patent: 2004/0098607 (2004-05-01), Alagna et al.
patent: 2004/0153918 (2004-08-01), Tanaka et al.
patent: 2004/0158730 (2004-08-01), Sarkar
patent: 2004/0172551 (2004-09-01), Fielding et al.
patent: 2004/0187023 (2004-09-01), Alagna et al.
patent: 2004/0199763 (2004-10-01), Freund
patent: 2004/0205167 (2004-10-01), Grumann
patent: 2004/0225877 (2004-11-01), Huang
patent: 2004/0243829 (2004-12-01), Jordan
patent: 2004/0255163 (2004-12-01), Swimmer et al.
patent: 2005/0022018 (2005-01-01), Szor
patent: 2005/0060566 (2005-03-01), Chebolu et al.
patent: 2005/0060581 (2005-03-01), Chebolu et al.
patent: 2005/0065935 (2005-03-01), Chebolu et al.
patent: 2005/0066290 (2005-03-01), Chebolu et al.
patent: 2005/0102601 (2005-05-01), Wells
patent: 2005/0108516 (2005-05-01), Balzer et al.
patent: 2005/0120242 (2005-06-01), Mayer et al.
patent: 2005/0149726 (2005-07-01), Joshi et al.
patent: 2005/0166268 (2005-07-01), Szor
patent: 2005/0262558 (2005-11-01), Usov
patent: 2006/0095971 (2006-05-01), Costea et al.
patent: 2006/0130141 (2006-06-01), Kramer et al.
patent: 2006/0147043 (2006-07-01), Mann et al.
patent: 2006/0174344 (2006-08-01), Costea et al.
patent: 2006/0242685 (2006-10-01), Heard et al.
patent: 2007/0208689 (2007-09-01), Park
LF Friedrich, A Parallel/distributed Implementation Environment; Year: 1997; IEEE; pp. 61-67.
Non-Final Rejection for U.S. Appl. No. 11/296,094 mailed Dec. 5, 2005.
LF Friedrichm A Parallel/distributed Implementation Environment Year: 1997; IEEE; pp. 61-67.
Enterprise Application Whitelisting, “What is That Application?” Bit9Parity. 2 pages. www.bit9.com.
Leyden, J., “SecureWave Revamps Alternative to Desktop AV [printer-friendly] The Register.” http://www.theregister.co.uk/2004/03/30/securewave—revamps—altenative—to—desktop/pri...Mar. 2004.2 pages.
Enterprise Application Whitelisting, “In Software We Trust.” Bit9Parity. 2 pages, www.bit9.com.
“F-Secure DeepGuard™—A Proactive Response to the Evolving Threat Scenario.” F-Secure. Nov. 2006.11 pages.
“F-Secure DeepGuard™ 2.0.” F-Secure. Sep. 2008.13 pages.
Leyden, J., “SecureWave Revamps Alternative to Desktop AV [printer-friendly]The Register.” http://www.theregister.co.uk/2004/03/30/securewave—revamps—altenative—to—desktop/pri...Mar. 2004.2 pages.
From Zero-day to Real-time—How McAfee Artemis Technology Combats Real-Time Cybercrime With Community Threat Intelligence. McAfee, www.mcafee.com. 9 pages.
“McAfee Artemis Technology-Always-On, Real-Time Protection.” McAfee, www.mcafee.com. 3 pages.
Solidcore S3 Control-Embedded. Certification Report. NSS Labs. Sep. 2008. 32 pages.
“Runtime Control the Perfect Antivirus Solution—Be prepared and decrease your risk from today's targeted attacks and threat landscape.” Solidcore. 4 pages.
Virtualized Laptop and Desktop Management Viewfinity Compliance and Security. ViewFinity. 5 pages.
S3 Control Product Comparison. Solidcore. 1 page.
Prevx 3.0. PC Magazine, www.pcmag.com. May 2009. 3 pages.
Bouncer by CoreTrace™-High-Security / Easy-Change Application Whitelisting. coreTrace. 4 pages. 2009.
True Endpoint Security—A Matter of 180 degrees. coreTrace. Jul. 2008. 9 pages.
“White Paper: Application Whitelisting and Energy Systems—A Good Match?”coreTrace, 6 pages, 2009.
“Bouncer by CoreTraceTM—Provides True Endpoint Security with Rapid Breakeven.” coreTrace. Jul. 2008. 10 pages.
“ Regulatory Compliance Protecting PCI Systems and Data.” coreTrace. 2 pages, 2009.
CoreTrace Continues to Knock Down Application Whitelisting Barriers. EMA. 3 pages, 2009.
Luallen, M. E., et al. “Malicious Software Prevention for NERC CIP-007 Compliance; Protective Controls for Operating Systems and Supporting Applications.”8 pages.
Wakeham, R., “White Paper—Hardening Critical Systems at Electrical Utilities—Meeting Regulatory Requirements Through Endpoint Controls.” NetSPI. 5 pages.
Ogren, E., “The Tenets of Endpoint Control.” Ogren Group. 7 pages, 2008.
“Product Data Sheet.” Faronics Anti-Executable™. 2 pages.
Faronics Anti-Executable Enterprise. Faronics Anti-Executable™. Oct. 2009. 4 pages.
Anti-Executable Key Features. Faronics Anti-Executable™. http://www.faronics.com/html/AEFeatures.asp. 2 pages.
Faronics Anti-Executable Standard. Faronics Anti-Executable™. Oct. 2009. 3 pages.
“Faronics Anti-Executable—Application Whitelisting for Endpoint Security.” Faronics Anti-Executable™. http://www. faronics.com/html/AntiExec.asp. 2 pages.
Blacklist Versus Whitelist Software
Fanton Andrew F.
Gandee John J.
Godwin Kurt E.
Harper Edwin L.
Lutton William H.
Hamilton DeSanctis & Cha, LLP
Truong Thanhnga B
WhiteCell Software, Inc.
LandOfFree
Computer system lock-down does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Computer system lock-down, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Computer system lock-down will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2652421